NGO Security

Friday, September 30, 2011

New Tourniquet Design

Coming from an emergency medical background, I recommend humanitarian workers in conflict zones carry what cops, the military, and PMC-types call a "blow-out" kit. This is small first aid kit that contains gloves, a tourniquet, compressed gauze, and some type of a blood-stopping bandage (also known as a pressure dressing). In case of a gunshot wound, explosion, or any event that causes serious bleeding, the kit can be used to save a life (your's or someone else's). You can bleed out from a bad arterial wound in two minutes, so stopping severe bleeding quickly is critical.

Although tourniquets are taught to be a tool of last resort in many first aid classes, they've become primary and proven lifesavers in conflict zones. Thanks to the wars in Iraq and Afghanistan, tourniquets have vastly improved in design and function. There are a number of different types available, including windlass, ratchet, and compression (check out Chinook Medical for examples).

There's also a brand new tourniquet that just appeared on the market that falls into the "why didn't I think of that" product category. Essentially it's an oversize plastic zip-tie. Called the Cobra Tourniquet it's advertised as simple to use, fast, lightweight, and relatively inexpensive. I'm waiting for some military and independent trials before recommending it for blow-out kits (SOFT, CAT, and TK-4 are still the best tourniquets out there, in my opinion), but it looks interesting. I'll update this post when I see test results.

There have been quite a number of medical advances in battlefield trauma treatment in the last decade - including the rapid use of tourniquets on severely bleeding extremities. These new military protocols and products are gradually being adopted by civilian emergency medical providers and will eventually be incorporated into standard first aid classes. That said, Always have training to go with the medical gear you're carrying. If you're interested in learning first aid that's applicable to conflict zones, I'd recommend (at least in the U.S.) looking for Tactical EMS/First Aid classes. These are targeted to law enforcement and security contractors, but the skill sets are also applicable to NGO staff working in harm's way. I've heard some humanitarian training organizations are starting to offer classes that go beyond standard first aid. I believe this is long overdue. More on that in a future post.

Thursday, September 29, 2011

LRA Crisis Tracker Map

Earlier in the month I posted about an interactive map that tracked drug violence incidents in Mexico. I mentioned it would be nice to have similar maps available for other conflict zones where humanitarian organizations work. I got an email from FHI 360 security director Norm Sheehan, that Resolve and Invisible Children are doing just that. They've released an interactive map Web site that provides information on LRA (Lord's Resistance Army) attacks in central Africa.

The map is linked to a database of reported LRA incidents, compiled from UN, NGO, and media sources. Data ranges from 2009 to the present. Whats cool is that the information is nearly real-time, with new reports of LRA activity being updated hourly (the HF radio early warning system in DR Congo is linked into the system).

I'm a "map guy" and really have to give the creators of this tool some serious credit - it's very well designed and implemented.

If your organization is doing work in South Sudan, Central African Republic, or DR Congo this resource is a must. If you're not operating in Africa, you should still check it out. I suspect it's a glimpse of what will be common within the humanitarian community in the very near future.

Sunday, September 25, 2011

Social Media and Security

I want to spend a few minutes talking about social media. That includes blogging, tweeting, forum posting, and friending. Many humanitarian security practitioners don't give social media much thought. But let me give you some real world examples I've encountered where social media went wrong and security issues arose (names, locations, and organizations aren't revealed for obvious reasons):

Blog posts about upcoming program site visits (including dates, destinations, and routes) in an area noted for banditry

Blog posts that revealed the location of an ex-pat humanitarian worker's residence (the staff member later left the conflict zone country when a Western intelligence agency warned an abduction was being planned)

Photos posted on a personal Web site that showed the inside of a field office (including the location of the safe)

An interview that appeared in an online magazine where a staff member discussed the details of refugee camp security measures

A Facebook page belonging to an ex-pat staff member working in a Muslim country that contained culturally insensitive photos and comments

Good security practice is all about reducing risk. Yet in each of the above cases, not enough thought was given to the security implications of online activities and the potential impact to individuals and the employing organization. (I personally believe there's a tendency for many people to treat the Internet as a separate reality that seldom, if ever, intersects with real life.)

To reduce exposure to possible consequences, a good social media policy that spells out what is acceptable online behavior is a must. In tandem, educating staff about some of the risks to themselves and their colleagues from unmindful use of social media is also essential

This falls more into a human resources versus a security responsibility within most organizations (but shouldn't stop a good security practitioner from making others aware of the risk). If your organization doesn't have a social media policy (or wants to see how others are dealing with potential issues), check out this great, free resource that provides a database of over 170 social media policies from business, non-profit, and government.

Postscript: While on the subject of social media. The Mexican drug cartels are increasing their attacks on bloggers. Listen to a recent NPR story and see this news account about a female blogger being decapitated. I wonder if this type of activity will become more widespread (in varying degrees of violence) outside of Mexico and outside of a drug cartel context. It bears watching, especially in developing country conflict zones where actors' Internet savvy is often significantly underestimated. 9/27/11 - It's not just cartels putting the squeeze on bloggers. The State of Veracruz just passed a law that makes social media illegal if it undermines public order.

Monday, September 19, 2011

Google Crisis Response

Google is involved in a number of worthy environmental and humanitarian causes. One of the lesser known projects is the Google Crisis Response Team. This is a small group within the company that makes critical information more accessible during natural disasters and humanitarian crises (the team maintains a Web site here). There are many elements of Google technology that can be put to use during a crisis. Check out this recent Google.org blog post where Nigel Snoad, the team project manager, discusses tools and resources that you may be able to put to use.

I'm all for having good technology at my disposal during events which require crisis management (tools like Google Earth have become indispensable to me for planning). My one caveat though, is you should always treat a technology-based solution as just another tool in your larger crisis response toolbox. In my opinion, having solid problem-solving and decision-making skills, that aren't dependent on a specific tool, is what's really essential. That foundation, coupled with a good understanding of the strengths and limitations of each of your tools (whether hi-tech or low-tech), will make you an infinitely more effective crisis manager.

Thursday, September 15, 2011

Waffles and Disasters

I remember driving through the windy and rainy remnants of Hurricane Ivan in 2004. I was in a convoy of vehicles headed to Pensacola, Florida that was part of a federal disaster medical response. The power was out everywhere and nothing was open. Then the lead SUV radioed that a restaurant up ahead had cars in the parking lot. We all pulled in and surprisingly enough, the fast food place was open for business (they had a generator running and offered a cash-only, limited menu). We wolfed down some hot food, thanked the manager, and were on our way. Everyone commented on the amazing resilience of a small restaurant in the middle of nowhere.

I didn't know it at the time, but that little Waffle House was part of a larger, well-crafted disaster plan. The Waffle House restaurant chain rates as one of the best disaster prepared businesses in the United States. Operating in the hurricane-prone South and Mid-Atlantic regions, the company has pre- and post-disaster plans for keeping its 1,600 restaurants open (or getting them quickly reopened). Providing customers with reasonably priced, hot food when nothing else is available is part of the privately held company's business model. And it works. FEMA even uses Waffle Houses as part of their disaster assessments – if a Waffle House isn't open someplace, they know conditions in that area are bad.

I give Waffle House some serious points for planning, logistics, and execution (key elements of any emergency response). Check out a recent Wall Street Journal article and the associated video for more.

Tuesday, September 13, 2011

Mexico Crime Map

If your organization is operating in Mexico (or you're thinking about a winter holiday there), be sure to check out the Wikinarco interactive drug-crime map. Arrests, assassinations, shoot-outs, and which cartels operate where are all plotted on a zoomable Google map. In addition, crime statistics over time (starting in January 2011) are charted and you can click on an incident to get detailed information. The user interface is in Spanish, but even if you no hablo it's still fairly easy to use and understand. I'd love to see similar, conflict zone-related maps for other places humanitarian NGOs work - this would be a great ANSO project.

9/16/11 - Running Web sites in Mexico such as the one above can be dangerous, as evidenced by recent cartel threats and murders.

Saturday, September 10, 2011

Security Focal Point Rant

If you're not familiar with the term Security Focal Point (or Safety and Security Focal Point), it refers to a staff member in a field office who has some degree of responsibility for safety and security. Often these responsibilities are grafted onto existing jobs such as logistics, administration, or program management (sometimes with added pay, sometimes not). The title has crept into the humanitarian community's lexicon over the years and is widely used. Attend a class or presentation on NGO security and I guarantee you that SFPs or SSFPs will be mentioned. These days you can even get a Security Focal Point certificate from some training organizations.

For some reason I've been thinking about this term lately and I've come to the personal conclusion that it really smacks of bureaucracy and class distinction (especially when applied to local and national staff). Just what exactly is a focal point? Why not use a more descriptive and easy to understand title such as safety and security coordinator or safety and security manager?

I'm not certain who first coined the term (although it does have a UN-ish ring to it). Maybe it came about because coordinator and manager titles are typically associated with higher pay levels. Or perhaps it was an attempt to differentiate professional security staff from the part-timers (that's a rant for another day). Or maybe it was a control thing in helping to keep safety and security centralized at the headquarters level. I don't know.

I do know that if you're entrusting someone with safety and security responsibilities, the very least you should do is give him or her a descriptive title that conveys meaning and respect. For me, a vague, ill-defined buzzword just doesn't cut it anymore.

Does your organization have a good reason for using Security Focal Point as a title or is it just going along with the crowd? Post a comment.

Tuesday, September 06, 2011

Decreasing Distracted Driver Danger

Getting drivers and staff members to wear seat belts is a low-hanging fruit safety measure. Vehicle accidents account for a significant number of humanitarian worker injuries and fatalities, and using seat belts is a simple and effective way to mitigate risk.

Once you get an effective seat belt policy and program in place for your organization, you can further reduce risk by raising awareness of the dangers of driver inattention. This is a bigger issue than you may think. In 2009, an estimated 20% of vehicle crashes in the U.S. were a result of driver inattention. You've probably heard that talking on a cell/mobile phone while driving can cause accidents – one study showed that using a cell phone while driving, whether hand-held or hands-free, delayed a driver's reaction time as much as having a blood alcohol concentration of .08 percent (the legal limit in the U.S., Canada, and U.K., but legally drunk in most other countries). Phones are just the tip of the iceberg. Lots of research has been done on other activities that can distract a driver and prevent him or her from seeing and/or responding to something that could cause an accident. Here's a chart from a study that shows the percentages of crashes with fourteen common sources of driver distraction (one or more distractions may have been present in a crash):

Any activity that takes a driver's focus away from the road can increase risk, but as you can see, some are more risky than others. (While much distraction research tends to be U.S.-focused, it's reasonable to assume the basic findings apply elsewhere in the world.)

Considering the accident statistics, developing a distracted driver education program for your organization and adding appropriate policies (such as no cell phone use while driving) is a worthwhile investment that could save lives.

The U.S. Department of Transportation has an excellent Web site (www.distraction.gov) with lots of information including research and workplace educational material.

Friday, September 02, 2011

Inside the WikiLeaks Cables

Yesterday I posted about the unredacted U.S. government diplomatic cables that had found their way onto the Internet. I suggested that humanitarian organizations doing international work should review the content to see if they are mentioned. There hadn't been much NGO-related material mentioned in the cables officially released by WikiLeaks, but I suspected there might be in the unreleased cables (Update - as of today, WikiLeaks has released all of the cables).

My hunch was correct. In skimming through the cables there is a large volume of communications about international NGOs and the UN. Some of it mundane (program reports), some of it controversial (country director opinions of host governments and leaders), some of it concerning security incidents (a few that I'd heard about through the community grapevine and others I hadn't). For example, here's an extract from a 2006 cable about the security situation in Darfur:

SUBJECT: DARFUR: NGO PRESENCE UNDER THREAT--------------------------------------------------NGOs Operating Under Increasingly Harsh Conditions--------------------------------------------------3. (C) A variety of occurrences over the past three months underscores the tenuous security environment faced by non-governmental organizations (NGOs) operating in Darfur.The nature of the events and their severity are increasing; the potential for further deterioration during the holiday season put NGOs at increased risk. This is particularly true in the Gereida area of South Darfur, a town along the strategic Nyala ) Buram road that has seen ongoing conflict for more than two years between tribal militias, rebel groups, Sudan Armed Forces, Popular Defense Forces (PDF), and Janjaweed.

4. (C) Several recent events reflect this trend (Refs A andB):-- The rape, apparently designed to send a brutal warning to international humanitarian workers, of an Action Contre la Faim (ACF) expatriate worker;-- The rising pace of vehicles car-jackings ) with 20 vehicles being stolen during the past month;-- The selective theft of communications equipment and computers (Ref A), which impedes the ability of NGOs to conduct their normal activities, report on conditions, and communicate with outsiders;-- The interrogation of CARE International workers, including regarding their private e-mail messages (Ref B);-- The withdrawal of NGOs from Darfur and relocation of 400 humanitarian assistance workers so far in the month of December alone (Ref C); and-- The decreased overall ability of the international community to deliver essential services and commodities for internally displaced persons (IDPS) in Darfur.

----------------------------------------------------MFA: NGOs are Politically Manipulated, Need Courage----------------------------------------------------5. (C) During a December 21 meeting with State Minister of Foreign Affairs Ahmed Ali Karti, Charge Hume underscored the gravity of recent security events in Darfur, particularly in the Gereida area. The theft of a dozen vehicles, withdrawal of Oxfam and ACF, and sexual assault of a humanitarian worker jeopardized essential services and goods for 100,000 IDPs. Karti accused NGO workers of over-reacting, and not having the courage to remain in environments they knew to involve risk. Irritated, he stated they knew of Darfur\'s problems and were paid to do their work despite poor security. There is no perfume or roses in Darfur, he added, and NGO workers should refrain from reporting every wrong they encounter. The Sudanese Government cannot help them; they should return when there is stability. Finally, he accused NGO workers of \"trying to play politics,\" and being manipulated to send a \"political message.\"

Material such as this is interesting from a historical perspective, but my primary concern is about information that could increase risk to an organization and its staff. Unfortunately, this is also present. One organization I work with had the names of a few local staff members listed in a cable; discussing security conditions and their opinions of anti-government factions. Another cable mentioned how programming activities might be beneficial to military information operations. While this organization works hard to maintain its neutrality (including no military involvement) and uses an acceptance strategy, erroneous perception can be damning. The organization's headquarters and country management team are now reviewing selected cables, determining possible impacts and appropriate responses.

Considering some of the things I've read in the cables relating to the humanitarian community, I now feel even stronger about the need for international organizations to check if they are mentioned and in what context - especially since the full set of cables is now easily searchable at CableGateSearch. It's a worthwhile exercise to play "what-if" the media, host governments, or anti-government actors are also reading these cables. Certainly nothing may come of it, but it's always better to be prepared in case it does.

Thursday, September 01, 2011

WikiLeaks Leaked Cables Update

In an earlier post, I suggested that security practitioners might want to pay attention to the content of leaked U.S. diplomatic cables in case information about their organization was present. Since perception can become reality, there's a chance the mention of an organization in some context might increase their risk exposure. Web sites such as CableDrum and CableGateSearch allow you to easily search for text in the cables that WikiLeaks has officially released.

Up until now, WikiLeaks has tightly controlled the flow of the compromised cables and hasn't released all of them. But as of yesterday, the entire, unredacted collection of cables (over 250,000) was unofficially leaked and has found its way onto the Internet (much to the dismay of WikiLeaks). 9/2/11 Update - There's a great description of how the encrypted cables were compromised here.

I'm not going to debate the legality or ethics of the release of this information. Only that the genie is out of the bottle, and anyone with a small amount of technical ability can now access the full set of cables.

A compressed version of the cables is currently available from various BitTorrent sources or can be directly downloaded (at the moment) from John Young's Cryptome disclosure site. The ~360 MB file is compressed in 7z format, you'll need a copy of the free compression utility 7-Zip to open the file. It uncompresses to a whopping ~1.7 GB text file. This is too large to open in Word or Excel for viewing (Excel's maximum number of lines is a bit over 65,000 and Word is constrained to around 100MB files but is also limited by system memory). So you'll either need to split the file into manageable chunks using a text file splitting program (such as HJSplit) or use a suitable text file reading program (Large Text File Viewer is a good, free Windows option). 9/2/11 Update - A colleague tipped me off to a much better and faster free program for viewing and searching large files. It's called Cream, a modern version of the old VIM programmer's editor, and is available here.

Searching through the entirety of such a large volume of unindexed data is a slow process (figure up to multiple hours for each text string you're interested in, depending on what program you're using). The search is going on in the background though, so you can be working on other things, checking the progress periodically and then clicking to search for the next instance of the text if it's found.

I suspect in the very near future someone will index all of the cables and put up an easy-to-use search Web site. But in the meantime, if you want to see if your organization is mentioned in any of the leaked cable traffic, the above information should help you get started. 9/2/11 Update - In response to the leak, WikiLeaks has now officially released all of the cables (with no redactions). They are available for browsing here or on CableGateSearch for full-text searching. I've written a follow-up to this post here.